IOC Radar
IP · Medium · Signal 59/100

45.148.10.119

Location
Romania
Amsterdam, Andorra la Vella
ASN
AS48090
Techoff SRV Limited
First Seen
Aug 14, 2023
Last Seen
Jun 10, 2026
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

70 techniques

Network Information

Country: RO (Romania)
Region: Amsterdam, Andorra la Vella
ASN: AS48090
Organization: Techoff SRV Limited

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

35 source reports · 59% confidence score
Category tags

Activity Timeline

1 total obs
Jun 10 to Jun 10

Threat Activity Heatmap

[Heatmap: activity by day, rows Mon/Wed/Fri, columns Jun through Jun, scale Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 59
Confidence: 59%
Reports: 35
First seen: Aug 14, 2023
Last seen: Jun 10, 2026
Geolocation: RO
Country: Romania
Location: Amsterdam, Andorra la Vella
ASN: AS48090
Org: Techoff SRV Limited
Coords: 42.5063, 1.5218
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.148.10.119 observed using TLS client fingerprint 'Unknown TLS Client (5af2ac29e141)' 200 times when connecting to mdms1 between 2026-04-29 10:15 and 2026-04-29 10:15 UTC.


IOC Journey

medium
First detected 2 years ago · Last seen today
Appeared in 35 threat reports